问题描述

如果有个PHP网站，需要使用AAD授权登录，有没有PHP代码实例 可供参考呢？

参考代码

参考一篇博文（Single sign-on with Azure AD in PHP），学习使用SSO的大体思路。如果对PHP很了解，可以参考Github中的Sample代码。

phpSample/federation.ini

federation.trustedissuers.issuer=https://accounts.accesscontrol.windows.net/v2/wsfederation
federation.trustedissuers.thumbprint=3f5dfcdf4b3d0eab9ba49befb3cfd760da9cccf1
federation.trustedissuers.friendlyname=Awesome Computers
federation.audienceuris=spn:d184f6dd-d5d6-44c8-9cfa-e2d630dea392
federation.realm=spn:d184f6dd-d5d6-44c8-9cfa-e2d630dea392@495c4a5e-38b7-49b9-a90f-4c0050b2d7f7
federation.reply=https://localhost/phpSample/index.php

phpSample/index.php 

/*-----------------------------------------------------------------------

Copyright (c) Microsoft Corporation.  All rights reserved.

Copyright 2012 Microsoft Corporation
All rights reserved.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0

THIS CODE IS PROVIDED *AS IS* BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
EITHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTIES OR
CONDITIONS OF TITLE, FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABLITY OR NON-INFRINGEMENT.

See the Apache Version 2.0 License for specific language governing
permissions and limitations under the License.

--------------------------------------------------------------------------- */
<?php
require_once (dirname(__FILE__) . '/secureResource.php');
?>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Index Page</title>
</head>
<body>
<h2>Index Page</h2>
<h3>Welcome <strong><?php print_r($loginManager->getPrincipal()->getName()); ?></strong>!</h3>

<h4>Claim list:</h4>
<ul>
<?php
foreach ($loginManager->getClaims() as $claim) {
print_r('<li>' . $claim->toString() . '</li>');
}
?>
</ul>
</body>
</html>

phpSample/login.php

/*-----------------------------------------------------------------------

Copyright (c) Microsoft Corporation.  All rights reserved.

Copyright 2012 Microsoft Corporation
All rights reserved.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0

THIS CODE IS PROVIDED *AS IS* BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
EITHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTIES OR
CONDITIONS OF TITLE, FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABLITY OR NON-INFRINGEMENT.

See the Apache Version 2.0 License for specific language governing
permissions and limitations under the License.

--------------------------------------------------------------------------- */
<?php
// uncomment this to display internal server errors.
//error_reporting(E_ALL);
//ini_set('display_errors', 'On');
ini_set('include_path', ini_get('include_path').';../../libraries/;');
require_once ('waad-federation/TrustedIssuersRepository.php');
?>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Login Page</title>
</head>
<body>
<h2>Login Page</h2>
<ul>
<?php
$repository = new TrustedIssuersRepository();
$trustedIssuers = $repository->getTrustedIdentityProviderUrls();

foreach ($trustedIssuers as $trustedIssuer) {
$returnUrl = $_GET['returnUrl'];
print_r('<li><a href="' . $trustedIssuer->getLoginUrl($returnUrl) . '">' . $trustedIssuer->displayName . '</a></li>');
}
?>
</ul>
</body>
</html>

phpSample/secureResource.php 

/*-----------------------------------------------------------------------

Copyright (c) Microsoft Corporation.  All rights reserved.

Copyright 2012 Microsoft Corporation
All rights reserved.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0

THIS CODE IS PROVIDED *AS IS* BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
EITHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTIES OR
CONDITIONS OF TITLE, FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABLITY OR NON-INFRINGEMENT.

See the Apache Version 2.0 License for specific language governing
permissions and limitations under the License.

--------------------------------------------------------------------------- */
<?php
// uncomment this to display internal server errors.
// error_reporting(E_ALL);
// ini_set('display_errors', 'On');

ini_set('include_path', ini_get('include_path').';../../libraries/;');
require_once ('waad-federation/ConfigurableFederatedLoginManager.php');

session_start();
$token = $_POST['wresult'];
$loginManager = new ConfigurableFederatedLoginManager();

if (!$loginManager->isAuthenticated()) {
if (isset ($token)) {
try {
$loginManager->authenticate($token);
} catch (Exception $e) {
print_r($e->getMessage());
}
} else {
$returnUrl = "https://" . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];

header('Pragma: no-cache');
header('Cache-Control: no-cache, must-revalidate');
header("Location: https://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['SCRIPT_NAME']) . "/login.php?returnUrl=" . $returnUrl, true, 302);
exit();
}
}
?>

phpSample/trustedIssuers.xml

<?xml version="1.0" encoding="UTF-8"?>
<issuers>
<issuer name="awesomecomputers.onmicrosoft.com" displayName="Awesome Computers"
realm="spn:d184f6dd-d5d6-44c8-9cfa-e2d630dea392@495c4a5e-38b7-49b9-a90f-4c0050b2d7f7" />
<issuer name="treyresearchinc.onmicrosoft.com" displayName="Trey Research Inc."
realm="spn:d184f6dd-d5d6-44c8-9cfa-e2d630dea392@13292593-4861-4847-8441-6da6751cfb86" />
</issuers>

参考资料

Single sign-on with Azure AD in PHP : http://www.lewisroberts.com/2015/09/04/single-sign-on-with-azure-ad-in-php/

Azure/azure-sdk-for-php-samples : https://github.com/Azure/azure-sdk-for-php-samples